Senior IGA Engineer - (TS/SCI)

About The Position

Requirements

• Master's degree (MA/MS)
• 10+ years of relevant experience
• SailPoint Expertise: Extensive (5+ years) hands-on experience designing, implementing, and administering SailPoint (IdentityNow or IdentityIQ) in a large enterprise environment.
• Identity Lifecycle Management: Deep understanding of the Joiner-Mover-Leaver (JML) process and experience automating provisioning/deprovisioning workflows connected to HR systems and Active Directory.
• Directory Services: Strong knowledge of Active Directory, LDAP, and Azure Active Directory (Entra ID) structures and management.
• Governance Principles: Proven experience with Role-Based Access Control (RBAC) modeling, Separation of Duties (SoD) policy creation, and access certification campaigns.
• Certifications Required: CompTIA Security+ CE (or higher) to meet DoD 8570 IAT Level II requirements.
• Clearance: Active Top-Secret clearance with SCI eligibility.

Nice To Haves

• Experience implementing Attribute-Based Access Control (ABAC) strategies.
• Familiarity with DoD Identity, Credential, and Access Management (ICAM) reference designs.
• Knowledge of integration protocols such as REST, SCIM, and SOAP.
• Experience supporting USSOCOM or other DoD agencies.
• Preferred: SailPoint Certified IdentityNow Engineer or SailPoint Certified IdentityIQ Engineer.
• Preferred: Certified Identity and Access Manager (CIAM) or CISA.

Responsibilities

• SailPoint Architecture & Configuration: Lead the design, deployment, and ongoing management of SailPoint IdentityNow (or IIQ) to automate the full identity lifecycle (Joiner, Mover, Leaver) across hybrid and on-premises environments.
• ABAC Attribute Management: Define and manage the schema for "Trust Attributes" (e.g., Clearance, COI, Project Codes) within SailPoint, ensuring they align with the NIST 8112 metadata standard for consumption by policy decision points.
• Air-Gapped Identity Operations: Manage the offline instance of SailPoint on the Top-Secret network, developing the workflows to import "Attribute Manifests" and ensure that identity data remains synchronized with the low-side source of truth.
• Access Certification: Configure and execute automated access certification campaigns for critical data repositories and privileged roles, ensuring compliance with DoD audit requirements.
• Role Modeling: Work with mission owners to define Technical Roles and Business Roles within SailPoint, replacing broad, static Active Directory groups with granular, policy-driven access roles.

Benefits

• We offer competitive benefits package including paid time off, healthcare benefits, supplemental benefits, 401k including an employer match, discount perks, rewards, and more.
• We invest in our employees – Every employee is eligible for education reimbursement for certifications, degrees, or professional development.
• Reimbursement amounts may fluctuate due to IRS limitations.
• We want you to grow as an expert and a leader and offer flexibility for you to take a course, complete a certification, or other professional growth and networking.
• We are committed to supporting your curiosity and sustaining a culture that prioritizes commitment to continuous professional development.
• We work hard; we play hard.
• Kentro is committed to incorporating fun into every day.
• We dedicate funds for activities – virtual and in-person – e.g., we host happy hours, holiday events, fitness & wellness events, and annual celebrations.
• In alignment with our commitment to our communities, we also host and attend charity galas/events.
• We believe in appreciating your commitment and building a positive workspace for you to be creative, innovative, and happy.